Skulls may not mean skullduggery, says Symbian
Summary: Skulls, a suspected Trojan which disables some phones running the Symbian OS, might not be malware at all, according to the software vendor
Mobile phone operating system company Symbian has said it is unsure whether a program that distrupts some phones running its software, and dubbed the Skulls Trojan, is malicious.
Despite the code disabling programs on Nokia Series 60 phones, specifically the 7610, and displaying pictures of skulls where the program icons should be, the company said the program could be legitimate.
"We're not entirely sure that this wasn't a valid application," said a spokesman for the Symbian. He added that some people might like to look at skulls on their mobile phones. "It might be that some people like sort of thing. There's no accounting for people's tastes on the Internet. We're not sure at this point."
The company said that most sources for the program, which is posted under the name of Extended Theme Manager, had been closed down.
Symbian said that other phones using the UIQ interface on the Symbian OS - Sony Ericsson, Motorola, BenQ, Arima and Fujitsu - are thought to be unaffected by the Trojan.
In a prepared email statement, Symbian said: "It is Symbian's understanding that the suspected malware is no longer being distributed. It is unclear if this [sic] adverse effects of this software are the result of deliberate development (a Trojan) or an inadvertent side-effect of poor software programming. Symbian and Nokia are investigating this matter further and Symbian will update the information below as soon as possible." Symbian is collaborating with antivirus company F-Secure to find a fix for the problem.
"We've been contacting all the download sites with this file and asking them not to distribute it," said director of antivirus research for F-Secure Mikko Hypponen. "But it's hard to get off peer-to-peer networks."
The deathly looking mobile phone Trojan disrupts the default programs on Symbian operating systems. F-Secure said that Skulls, which renders useless all the default programs on the phone, displays the image of a skull where the program icon ought to be.
The Trojan leaves the user with the capability to do little else but make phone calls. Hypponen added that the program was not technically a virus because it does not replicate itself.
Symbian mobile phone programs are stored on ROM –- which cannot be overwritten -- on the Z drive. The Skulls Trojan copies its programs – i.e. the skull images – to the C drive and in doing so overrides the Z drive programs, and so displays the skulls as the program files.
Hypponen advised users to be careful what they download.
Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.
Talkback
The author has embedded numerous messages including an invitation to send him/her a copy of the Cabir virus (presumably to learn how to spread files via Bluetooth), a warning that further versions of the application will be released and a number of short sometimes contradictory statements such as "Why do T-VIRUS created? Cuz i love you so much :)" and "Why do T-VIRUS belongs in this world? Cuz i hate you very much :)".
If the Skulls trojan (or T-VIRUS as its author calls it) is not malware why would the author include the statements the he/she does?
We were also interested in the statement that Symbian and F-Secure are working to fix the problem. Symbian should have spoken to us, there is no need to wait for them to fix the problem as SimWorks Anti-Virus for Symbian phones already protects against and repairs the damage caused by the Skulls trojan.
Best regards,
Aaron Davidson.